• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows MSDTC Memory Corruption Vulnerability

The Microsoft Windows MSDTC (Microsoft Distribution Transaction Coordinator) service is prone to a memory corruption vulnerability. This issue could allow for execution of arbitrary code in the context of the service. The vulnerability may be remotely exploitable in some circumstances, but will also permit local privilege escalation.

This issue is remotely exploitable on Windows 2000 platforms, since the Network DTC is enabled by default on this platform. On Windows XP, this issue may be remotely exploitable if a local user has started the service. On Windows Server 2003, this vulnerability is limited to local privilege escalation unless Network DTC has been explicitly enabled by an administrator. This issue is not present on Windows XP SP2 and Windows Server 2003 SP1.

Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems please see the attached microsoft knowledge base article 909444.